We have a suite of Windows Services running on our servers which perform a bunch of automated tasks independently of one another, with the exception of one service which looks after the other services.
In the event that one of the services should fail to respond or hang, this service attempts to restart the service and, if an exception is thrown during the attempt, emails the support team instead, so that they can restart the service themselves.
Having done a little research, I've come across a few 'solutions' which range from the workaround mentioned in KB907460 to giving the account under which the service is running administrator rights.
I'm not comfortable with either of these methods - I don't understand the consequences of the first method as outlined in Microsoft's knowledge base article, but I definitely don't want to give administrator access to the account under which the service is running.
I've taken a quick look through the Local Security Policy and other than the policy which defines whether or not an account can log on as a service, I can't see anything else which looks like it refers to services.
We're running this on Server 2003 and Server 2008, so any ideas or pointers would be graciously received!
Clarification: I don't want to grant the ability to start/stop/restart ALL services to a given user or group - I want to be able to grant the permission to do so on specific services only, to a given user or group.
Further Clarification: The servers I need to grant these permissions on do not belong to a domain - they are two internet-facing servers which receive files, process them and send them on to third parties, as well as serving a couple of websites, so Active Directory Group Policy isn't possible. Sorry that I didn't make this clearer.
